Polylog
The Polylog AI Intelligence Brief

Morning Edition · Friday, July 3, 2026

Anthropic redeploys Fable 5 with a stricter classifier it admits flags more benign code

The model returned July 1 after a 19-day suspension, and users report ordinary coding requests being rerouted to the pricier Opus 4.8.

Anthropic redeploys Fable 5 with a stricter classifier it admits flags more benign code

Anthropic redeployed Claude Fable 5 globally on July 1 after a suspension, shipping a retrained safety classifier that the company says blocks over 99% of the reported jailbreak technique. In the same note it concedes the tradeoff directly. The new classifier "comes at the cost of flagging benign requests more often during routine coding and debugging tasks," and MarkTechPost confirms that it routes flagged cybersecurity, biology, and distillation queries to Opus 4.8 rather than answering with Fable.

This is where the user complaints start. The AI Post channel argues that strict guardrails severely degraded Fable 5 rather than merely weakening it, and in a separate post claims a developer paid 321 dollars for a session in which the classifier quietly routed roughly three-quarters of the work to Opus after flagging ordinary coding requests. Those figures are user-reported and unverified.

Anthropic's documentation disputes the billing charge specifically. Per the company's platform guidance, when a request is rerouted to Opus 4.8 the fallback input tokens are billed as a cache hit at 10% of the base rate rather than at full Opus pricing, and the reroute is said to trigger in fewer than 5% of sessions with a user notification. So the verified picture is a stricter classifier with more false positives on benign code, while the claim of large silent overcharges is contested and, by Anthropic's account, structurally prevented.

For engineers the actionable part is behavioral, not just financial. A classifier tuned to block 99% of a jailbreak will misclassify legitimate security and low-level systems work, which means Fable 5 users doing offensive-security research, malware analysis, or kernel work should expect refusals or reroutes and should design their pipelines to detect the fallback token in the response metadata.

Veracity: Corroborated
80/100
If true, who benefits

Anthropic, whose stricter classifier limits liability from the reported jailbreak while routing flagged work to the pricier Opus tier, a structure critics argue also steers billable volume upward.

The nuance

The stricter classifier and higher false-positive rate are documented by Anthropic, but the large silent-overcharge claim rests on a single unverified user report that Anthropic's cache-hit billing (10% of base rate) is designed to prevent.

An open-source-intelligence read of how likely this story is true with its real nuance, not a judgment of any outlet. It assesses the claim, weighing independent and adversarial reporting. How we label confidence.

What this means

Safety tuning now has a measurable, visible cost to paying developers, and labs are being held to account for it in public. The episode shows the industry moving toward severity-graded jailbreak frameworks while accepting higher false-positive rates on benign work, a tradeoff that will push security-sensitive engineering toward models or self-hosted stacks with looser guardrails.

What to watch

  • Whether Anthropic publishes the benign false-positive rate for the new classifier, which would move the overcharge debate from anecdote to data.
  • The cross-lab jailbreak-severity rubric Anthropic is drafting with Amazon, Microsoft, and Google, since a shared scoring standard would shape how every major model gates security-adjacent requests.

Observations to monitor, not financial advice.

3 sources

Synthesized from: Anthropic News · Polylog editors · MarkTechPost

Part of a tracked trend

AI Labs Gate Access and Face Accountability on Paid-Tier Promises

Over the next 3-6 months, frontier labs tighten who can use their consumer products — ID/KYC checks, usage-limit enforcement — while facing legal and customer pushback over what paid tiers actually deliver.